Why You Should Train Your Financial Team Against Vishing


Your finance team is the priority for vishing training, for two reasons: finance is where AI-enabled fraud converts into cash, and awareness of the threat does little to stop it in the moment of attack. Two cases make the gap concrete. In 2020, a cloned voice convinced a Hong Kong bank manager to authorize $35 million in transfers. In 2024, a deepfake call cost the engineering firm Arup $25 million. In both, a careful employee complied, not from negligence, but because no verification reflex engaged under pressure. That reflex can be trained.

Key takeaways

  • Finance is the target because finance moves money. Treasury, AP, and finance staff can authorize transfers, which makes them the direct path to cash.
  • Authority, urgency and confidentiality is the recurring playbook. Attackers impersonate a senior executive and frame the request as a secret, time-critical deal.
  • Multi-channel corroboration defeats single-channel skepticism. Email plus a live voice call makes the fraud feel like a legitimate process.
  • A cautious employee still complied. Knowledge did not survive the pressure of a real call. Reflexes do.
  • Voice and video are no longer proof of identity. A clone needs about 10 seconds of audio; a 5-minute sample makes a strong one (ElevenLabs).

Why are finance teams the prime target for vishing?

Finance teams are targeted because they hold authorization power: they can release wire transfers, approve vendor changes, and act on executive instructions. Attackers skip the network entirely and social-engineer the person with the authority to pay. With AI cloning a CEO's voice cheaply, an "urgent CFO request" is now trivial to fake.

The economics back this up. Vishing is the second initial infection vector at 11% (Mandiant M-Trends 2026), users fall for voice and SMS 40% more than email (Verizon 2026 DBIR), and AI-enabled BEC losses topped $30M in 2025 (FBI IC3).

See our deeper look at why finance teams are the new front line →

The two cases below show what that exposure looks like in practice. Neither failed for lack of awareness. Both failed for lack of preparedness: the team had the knowledge but not the reflex.

Lessons from real case studies

The $35M cloned-voice transfer

In 2020, a branch manager at a Japanese company's Hong Kong office authorized $35M after a call from a voice he recognized as the parent-company director. The voice was AI-cloned. First reported by Forbes in 2021, the scheme allegedly involved at least 17 people and moved funds globally.

| Step | What happened |
| --- | --- |
| 1. Voice cloned | Attackers used "deep voice" AI to replicate the company director's speech. |
| 2. The call | The branch manager received a call from the "director" with good news: an acquisition requiring urgent transfers. |
| 3. Corroboration | His inbox held matching emails from the "director" and a lawyer confirming where funds should move. |
| 4. The transfers | Believing it legitimate, he began moving $35M. |
| 5. Dispersal | Funds were routed worldwide; investigators traced part to U.S. bank accounts and opened a UAE-led probe. |

The preparedness gap: nothing in the manager's routine forced him to verify the request independently. A recognized voice and confirming emails were enough, because there was no reflex to call the director back on a known number before moving money. This was not even the first such case: a 2019 attack cloned a UK energy CEO's voice for a ~$240,000 transfer.

The $25M Arup deepfake call

A finance worker at engineering firm Arup paid out $25M across 15 transactions after a video call with what looked and sounded like the company's CFO and colleagues. Every "executive" on the call was an AI deepfake.

| Step | What happened |
| --- | --- |
| 1. Initial email | A message posing as the UK-based CFO requested a confidential transaction. The employee was skeptical and dismissed it. |
| 2. The escalation | To overcome doubt, the attackers invited the employee to a video call. |
| 3. The deepfake | High-fidelity deepfakes simulated the CFO and other colleagues in real time, with convincing voice and video. |
| 4. The transfers | Reassured by seeing "leadership," the employee executed 15 separate transfers. |
| 5. Impact | $25M lost. The case became a global wake-up call: "seeing is believing" is no longer a valid security check. |

The preparedness gap: the employee's instinct was right, to doubt the email, but there was no protocol for what to do next. With no way to verify identity independently of the call, the attackers simply escalated to a channel that felt more trustworthy, and the deepfake did the rest. Skepticism without a verification process is not a defense.

Why these are preparedness failures, not awareness failures

Both employees almost certainly knew vishing exists. The knowledge did not help, because social engineering works by forcing an emotional state that overrides rational recall. Under the pressure of a live, high-stakes call, awareness collapses and behavior takes over. Awareness is not the same as preparedness. That is the real lesson of both heists: the missing control was not more information, it was a trained reflex backed by a hard verification rule. A single out-of-band callback to a known number would have stopped roughly $60M in fraud. The good news is that reflex can be built, deliberately and at scale. Here is how.

How to defend finance teams against AI vishing and deepfakes

The defense is behavioral, built through realistic, repeated simulations. As Arsen puts it: cybersecurity reflexes aren't taught, they're trained. Here is what works for a finance team.

  • Mandate a double-verification rule: No transfer or sensitive action on a voice or video instruction without an out-of-band callback to a registered number, no matter who appears to be calling.
  • Treat voice and video as spoofable: Train staff to assume any voice or face can be cloned. Identity is verified by process, not by recognition.
  • Run periodic, varied simulations: Quarterly to monthly vishing simulations with different voices, numbers, and times, so people build a real reflex, not a sixth sense for the security team's tests.
  • Test the full kill chain: Mirror real attacks across voice, SMS, and email together, the way both heists combined channels.
  • Cover the whole finance function: Not just the CFO. AP clerks and treasury staff authorize payments too.
  • Measure resilience over time: Track behavior, not completion rates, and feed results back into training.
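
One way to turn the double-verification rule into a hard gate in a payment workflow, as an added example (not Arsen's code or any product's API). The directory, field names, phone numbers and sample requests are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed directory: callback numbers registered in advance, never taken
# from the request itself (addresses and numbers are made-up placeholders).
REGISTERED_NUMBERS = {
    "cfo@example.com": "+44 20 7946 0001",
    "director@example.com": "+852 5550 0002",
}

@dataclass
class Callback:
    dialed_number: str   # number the employee actually dialed
    initiated_by: str    # "employee" (outbound) or "requester" (inbound)
    confirmed: bool      # requester confirmed amount and beneficiary

@dataclass
class PaymentRequest:
    requester: str                  # claimed identity, never trusted as-is
    channel: str                    # "voice", "video", "email" (audit only)
    amount_usd: int
    callback: Callback | None = None

def normalize(number: str) -> str:
    """Keep digits and '+', so formatting differences do not matter."""
    return "".join(c for c in number if c.isdigit() or c == "+")

def release_decision(req: PaymentRequest) -> tuple[bool, str]:
    """Hold every request unless an outbound callback to the registered
    number confirmed it. No channel and no requester is exempt."""
    registered = REGISTERED_NUMBERS.get(req.requester)
    if registered is None:
        return False, "no registered number for requester"
    cb = req.callback
    if cb is None:
        return False, "no callback performed"
    if cb.initiated_by != "employee":
        return False, "inbound call does not count as verification"
    if normalize(cb.dialed_number) != normalize(registered):
        return False, "dialed number is not the registered one"
    if not cb.confirmed:
        return False, "requester did not confirm on callback"
    return True, "verified out of band"

# Constructed requests modelled on the patterns described above.
video_only = PaymentRequest("cfo@example.com", "video", 25_000_000)
caller_supplied = PaymentRequest("director@example.com", "voice", 35_000_000,
                                 Callback("+852 5550 9999", "employee", True))
verified = PaymentRequest("cfo@example.com", "email", 12_000,
                          Callback("+44 (20) 7946-0001", "employee", True))
```

The gate ignores how convincing the channel was: a video call with no callback and a callback to a number supplied during the call are both held, and only the outbound call to the pre-registered number releases the payment.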

Where Arsen fits

Arsen's vishing simulations run realistic, AI-driven calls across your entire workforce as a coordinated, multi-vector kill chain:

  1. Voice call: a human-like AI caller that adapts to the target in real time.
  2. Spear-phishing email or SMS: triggered by the call and matched to its pretext.
  3. Landing page: a credential-capture or download simulation.
  4. Training page: just-in-time micro-learning while the moment is fresh.

You get outcomes a finance and risk owner can report: full coverage, the channels attackers actually use, progressive sequences that build reflexes under pressure, and measured resilience via real-time reporting and API. Pair the simulations with custom e-learning on voice cloning and the double-verification process to close the loop. For the broader sector view, see Arsen for financial services.

Frequently asked questions

Because they can authorize payments. Impersonating an executive and pressuring a finance employee is a direct route to cash, with no malware or network intrusion required.

Modern voice models can build a usable clone from around 10 seconds of audio, and a 5-minute sample produces a strong one, turning public interviews and webinars into a liability.

A mandatory out-of-band verification step, calling the executive back on a known internal number before releasing funds, regardless of how convincing the request seemed.

Train the reflex before the call comes

Your finance team's judgment is the last control before money leaves the building. Find out how they respond to a realistic AI vishing or deepfake scenario, then build the reflex that holds under pressure.
